Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various fixes to supply chain compromises catalog #1224

Merged
merged 5 commits into from Jan 28, 2024
Merged

Various fixes to supply chain compromises catalog #1224

merged 5 commits into from Jan 28, 2024

Conversation

adityasaky
Copy link
Contributor

This PR makes various fixes to the catalog of supply chain compromises.

  • Adds references in listing where missing
  • Recategorizes some incidents based on whether source code repository was affected or just release artifacts

@adityasaky
catalog: Fix SquirrelMail listing
b5899b8 
Update listing to indicate the primary attack was against a release
artifact rather than a source code repository.

Signed-off-by: Aditya Sirish <aditya@saky.in>
@adityasaky
catalog: Add reference to WordPress listing
8f4106b 
Signed-off-by: Aditya Sirish <aditya@saky.in>
@adityasaky
catalog: Update gentoo rsync listing
759c4c2 
The compromise was of an rsync server responsible for serving users with
package sources. It seems more accurate to categorize this as a
publishing infrastructure attack.

Signed-off-by: Aditya Sirish <aditya@saky.in>
@adityasaky
catalog: Recategorize ProFTPD incident
be858f2 
From descriptions, this primarily seems to have targeted the publishing
infrastructure.

Signed-off-by: Aditya Sirish <aditya@saky.in>
@adityasaky
catalog: Add publishing infrastructre to WP themes
cc3f67a 
Signed-off-by: Aditya Sirish <aditya@saky.in>
@netlify Netlify
Copy link

netlify bot commented Jan 28, 2024
edited

Deploy Preview for tag-security ready!

Name Link
🔨 Latest commit cc3f67a
🔍 Latest deploy log https://app.netlify.com/sites/tag-security/deploys/65b676f8272ea900082f8d88
😎 Deploy Preview https://deploy-preview-1224--tag-security.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

JustinCappos
JustinCappos approved these changes Jan 28, 2024
View reviewed changes
Copy link
Collaborator

@JustinCappos JustinCappos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for these updates. LGTM

@JustinCappos JustinCappos merged commit 127b064 into cncf:main Jan 28, 2024
10 of 11 checks passed
@adityasaky adityasaky deleted the catalog-fixes branch January 28, 2024 19:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JustinCappos JustinCappos JustinCappos approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@adityasaky @JustinCappos